Equifax blames hack on state actors, but breach followed spat with security contractor

Equifax sources say that the massive breach of 140,000,000 Americans' personal information was the result of state-sponsored hackers, likely from China, but attribution is hard and inexact.

One thing we can attribute the breach to, though, is bungling. Equifax and Mandiant -- its independent security contractor -- got into "a squabble" just as the hackers were breaking into Equifax's systems, and by the time everything had been smoothed over, the attackers had installed 30 web-shells in Equifax's systems, any one of which would allow attackers to have free run of Equifax's data.

In the years preceding the breach, then-Equifax CEO Richard Smith (who quit last week, pocketing $90,000,000 on his way out the door) went on an acquisition spree in a bid to rapidly grow the company's bottom line. He purchased "two dozen companies that have given Equifax new ways to package and sell data, while expanding operations to 25 countries and 10,000 employees," and quadrupled the company's share price.

At the same time, the company's ability to manage the unimaginable mountains of compromising personally identifying information it had coerced, for free, from the American public was in crisis. Employees routinely mishandled sensitive information, and the security team at Equifax was sidelined as the company struggled with the IT challenges of integrating dozens of data-mining acquisitions that demanded unfettered access to the company's databases.

Although the hackers inside Equifax were able to evade detection for months, once the hack was discovered on July 29, investigators quickly reconstructed their movements down to the individual commands they used. The company's suite of tools included Moloch, which works much like a black box after an airliner crash by keeping a record of a network's internal communications and data traffic. Using Moloch, investigators reconstructed every step.

Once the hackers found the vulnerability Zheng reported, they installed a simple backdoor known as a web shell. It didn't matter if Equifax fixed the vulnerability after that. The hackers had an invisible portal into the company's network. The Moloch data suggests the initial group of hackers struggled to jump through internal roadblocks like firewalls and security policies, but that changed once the advanced team took over. Those intruders used special tunneling tools to slide around firewalls, analyzing and cracking one database after the next—while stockpiling data on the company's own storage systems.

Besides amassing data on nearly every American adult, the hackers also sought information on specific people. It's not clear exactly why, but there are at least two possibilities: They were looking for high-net-worth individuals to defraud, or they wanted the financial details of people with potential intelligence value.
